Companies' answers to the questionnaire will heavily affect BAFA’s selection of companies to be investigated more closely. BAFA explains that one important factor when determining enforcement focus will be how plausible the submitted report of a company is. Hence, documentation and reporting is utterly important for companies. Companies should keep that in mind and use these questions as additional guidance for the internal implementation and documentation of the due diligence obligations under the SCDDA. At the beginning of the fourth quarter of 2022, roughly three months before the SCDDA will enter into force, the questionnaire was published just in time to ensure “reporting by design” according to the BAFA standards.

Reporting obligations under Sec. 10 (2) SCDDA

Pursuant to Sec. 10 (2) SCDDA, companies under the scope of the Act, have to publish an annual report (no later than four months after the end of the financial year) on the fulfilment of its due diligence obligations. For most companies subject to the SCDDA as of 1 January 2023, the first report will be due in April 2024 at the latest. According to the law, the report must include information in particular on

• the identified human rights and environment-related risks under the law, if any;
• the company´s efforts to fulfil its due diligence obligations under Sec. 4 to 9 SCDDA; and
• how the company assesses these efforts and their impact as well as what conclusions it draws from the assessment for the risk management system and future due diligence measures.

The law did not state how the reporting obligations shall be fulfilled, hence how the report shall be drafted und structured. The BAFA now has published a structured questionnaire for the fulfilment of the reporting obligation explicitly stating that the complete and truthful answer fulfils the content requirements under Sec. 10 (2) SCDDA. The BAFA will follow up with further information on the actual submission of the report which will be done electronically.

BAFA instructions on the use of the questionnaire

BAFA provides instructions on how to use the questionnaire. We would like to highlight the following:

• The questionnaire covers all legislative requirements and represents the company’s “business card” when it comes to compliance with the due diligence requirements.
• BAFA reiterates that each group company which falls into the scope of the SCDDA are in principle required to answer the entire questionnaire. But BAFA will accept references to or defrayals from other reports provided that compliance in both companies with the due diligence obligations is plausibly presented and all reports are independently comprehensible and understandable.
• Other reporting obligations under applicable laws remain unaffected. Companies may, where appropriate, make use of other reports at their discretion.
• Companies are entitled to protect their trade and business secrets when fulfilling their reporting obligations. Trade and business secrets are defined as all facts, circumstances and processes relating to a company that are not public knowledge but are only accessible to a limited group of people and in the non-dissemination of which the legal entity has a justified interest.
• Companies are not obliged to self-incriminate employees.

In addition, for a coherent understanding and answering of the questions, the questionnaire also includes several definitions and explanations. Companies should assess if these correspond to their current understanding of the law. Some of BAFA’s legal positions so far are heavily criticized by legal scholars and companies alike. For example, according to BAFA’s interpretation, direct suppliers of affiliated companies on which the parent companies exercise decisive influence are also direct suppliers of the parent company. However, for the time being, companies should be aware of BAFA’s interpretation and, if they do not intend to follow BAFA’s interpretation, document the reason thoroughly.

The questionnaire

The questionnaire contains a vast list of 437 questions. Most questions are obligatory; only some of the questions are voluntary. While there are several questions to be answered in multiple-choice format, several questions also require detailed descriptions and explanations on multiple-choice answers. The questionnaire includes an explicit disclaimer stating that the answering of these questions shall be voluntary and any waiver of will not incur any disadvantages. However, if possible, companies should try to answer the questionnaire as fulsome as possible to show good will and aim for a thorough and detailed report.

The structure of the questionnaire includes chapters on the following aspects of the law:

• The company´s human rights strategy and its risk management process and structures;
• The company´s risk analysis process, implementation and results;
• The company´s preventive and remedial actions with regard to every respective prioritized risk or violation and their communication and handling as part of the risk management;
• The company´s grievance mechanism; and
• The assessment of the company´s risk management and respective conclusions.

Already simply because of the large number of questions, the questionnaire requires very detailed and concrete reporting, in particular on the steps taken and status of implementation of the due diligence obligations under the SCDDA, the progress and results of the risk analysis, but as well as on the other due diligence obligations. E.g. companies must explain (i) how they conducted the risk analysis, (ii) their approach to ensure that remedial action can be taken in the event of violations and that their implementation is also effective and (iii) which proportionate remedial measures were taken. However, it is not clear from the questionnaire and the explanations provided thereon, which degree of detail will be required by BAFA when answering these questions. There is much to suggest that the risk-based approach applies also with regard to reporting obligations.

What does this mean for companies?

Companies should keep the reporting obligation and questionnaire of the BAFA in their mind when implementing due diligence measures and documenting the same. In the current critical phase of implementing the SCDDA requirements, companies, in order to ensure “reporting by design” according to the BAFA standards, should test their envisaged set-up against the questionnaire to find and close potential gaps in the operational set up right from the start.

Although completing the questionnaire will take some efforts and time, it gives some comfort to companies by indirectly laying out BAFA’s understanding on how to handle situations under the SCDDA. The set-up of respective compliance processes and responsibilities for due diligence measures, their performance as well as documentation of the same should be conducted in a way that all information for the answering of the respective sections of the BAFA questionnaire is gathered in the course of 2023 and in a structured and efficient way. When doing so, companies may create synergies concerning other applicable reporting obligations.

While the BAFA questionnaire is extensive and shows how BAFA intends to build its enforcement cases, it provides further helpful guidance for companies and their management on the need to very diligently tackle the implementation of the SCDDA in order to avoid further investigations and liability risks. Documentation and reporting will play a crucial role for companies and should be addressed as another important risk management measure to ensure SCDDA compliance.

Authored by Christian Ritz, Vincent Rek and Felix Werner.